WordPress BBPress plugin version 2.5 suffers from an unauthenticated privilege escalation vulnerability.
a6217fd54141ba4dd36c902308da0bacApple Security Advisory 2020-05-26-4 - tvOS 13.4.5 addresses code execution, cross site scripting, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
81d9a3b413281addfed064bcea5fcab2Apple Security Advisory 2020-05-26-11 - Windows Migration Assistant 2.2.0.0 (v. 1A11) is now available and addresses a code execution vulnerability.
a39cc03e4fead835d7ca1474dea20d30Apple Security Advisory 2020-05-26-10 - iCloud for Windows 7.19 is now available and addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
1914f521bdf896420dfcdb61d01d022fApple Security Advisory 2020-05-26-9 - iCloud for Windows 11.2 is now available and addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
505d9135fc0282789086d7a39861e439Apple Security Advisory 2020-05-26-5 - watchOS 6.2.5 addresses code execution, cross site scripting, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
4c33fa712fc6587e6b2fc7aef5f0833bApple Security Advisory 2020-05-26-8 - iTunes 12.10.7 for Windows addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
291e94da2513acdd977e166aa42053c6Apple Security Advisory 2020-05-26-3 - macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra are now available and address bypass, code execution, denial of service, double free, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
f886e2685c265c1b6943d183b100b952Apple Security Advisory 2020-05-26-7 - Safari 13.1.1 is now available and addresses code execution and cross site scripting vulnerabilities.
22da1b429e77c46ccafd69d8581e49f7Apple Security Advisory 2020-05-26-6 - watchOS 5.3.7 addresses a memory corruption vulnerability.
f331a7ace5f177db38b01383605e825bApple Security Advisory 2020-05-26-1 - iOS 13.5 and iPadOS 13.5 address bypass, code execution, cross site scripting, denial of service, double free, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
3bf84c95f1052ea67704c2a2f7179ba0Apple Security Advisory 2020-05-26-2 - iOS 12.4.7 addresses an out of bounds write vulnerability.
f5e16f5f58e9c69a6bb267396dc8a689Ubuntu Security Notice 4367-2 - USN-4367-1 fixed vulnerabilities in the 5.4 Linux kernel. Unfortunately, that update introduced a regression in overlayfs. This update corrects the problem. It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service. Various other issues were also addressed.
a7ff44eff3672e7d5da03bfb9c8127feUbuntu Security Notice 4369-2 - USN-4369-1 fixed vulnerabilities in the 5.3 Linux kernel. Unfortunately, that update introduced a regression in overlayfs. This update corrects the problem. It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service. Various other issues were also addressed.
fd0df16897a8e91cd82dcaa6c77e3506Ubuntu Security Notice 4359-2 - USN-4359-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash. Various other issues were also addressed.
3aae618dec483a779a57ea1ce8065d47Crystal Shard http-protection version 0.2.0 suffers from an IP spoofing bypass vulnerability.
6d1cdc2247ff8ed8eefca89cf866d2cdWordPress Multi-Scheduler plugin version 1.0.0 suffers from a cross site request forgery vulnerability.
6e71d15c270eba74713021d0928fc020Various PanaceaSoft products appear to suffer from a shell upload vulnerability.
dbac78cf550b5cda3c73303bea5d98e1Red Hat Security Advisory 2020-2337-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.
66d8daaad19e8f18faddbad4a06d9024Red Hat Security Advisory 2020-2336-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
5d2cb273c144cc065dffa6f4c7e8801bRed Hat Security Advisory 2020-2338-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
a2e80d58f6aebde69885e7fefe2a3aeeRed Hat Security Advisory 2020-2335-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
94dc2ae5b432b336772822bec529e6b5Red Hat Security Advisory 2020-2334-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
607b4d3ddb74a2f874c8211b7f179b43This Metasploit module exploits a command execution in Pi-Hole versions 4.3.2 and below. A new DHCP static lease is added with a MAC address which includes a remote code execution issue.
e6986dcdd89a11102dc17483054ea333The Firefox content processes do not sufficiently lockdown access control which can result in a sandbox escape.
1b90a8f7ec30889bdb9321cdf60bc14e
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed